Subscribe to the Stitch Newsletter

Stitch is now GDPR-compliant

The European Union’s Global Data Protection Regulation (GDPR) is a milestone for enhancing the privacy of electronic information. It affects virtually every business in the data community. Under its terms, organizations must ensure that personal data is gathered, stored, and processed under strict controls. The organizations that collect and manage the data must protect it from misuse and exploitation and respect the rights of the data owners.

We’re happy to announce that we’re in full compliance with GDPR. The work we did last year to gain HIPAA compliance also helped us meet the GDPR technical requirements for data privacy. We’ve updated our Terms of Use to include standard contractual clauses set forth by the European Commission that establish a legal basis for cross-border data transfers from the EU. We’ve also modified the our Privacy Policy to make clear what personal data we collect and how we use it. Stitch has been a member of Privacy Shield, a certifying body for EU-US data sharing, for years, and we’re glad to continue our commitment to respecting global privacy regulations.

Stitch cares about the spirit as well as the letter of the law. We support individuals’ rights to access, rectify, erase, and restrict the processing of their personal data, and we have agreements in place with downstream processors, including AWS, the platform on which Stitch runs, to ensure that they’re GDPR-compliant. We’ve also trained our team on best practices for handling personal data.